<?php
/***************
* @Project	Warabi
* @Author	Feifei
* @Date		04/11/2009
***************/

/**This module is to deal the ap send card invitation**/

include_once($_SERVER['DOCUMENT_ROOT'].'/header.inc.php');

$httprequest = new wbHttpRequest();

list($headers , $body) = $httprequest->output();

$sender_name= rawurldecode($_GET["sender"]);


$photoids = array();
$invites = array();
$reqInfo = array();

$xml = simplexml_load_string($body);
if(!$xml){
	header(error_xml_structure);
	exit;
}
$link = strval($xml->link);
$description = strval($xml->description);
$photonum = intval($xml->photo);
foreach($xml->photo_id->id as $id){
	$photoids[]=strval($id);
}
foreach($xml->invite as $to){
	$invites[]=strval($to->to);
}

/**if must element(link,photoid,photonumber,invite) is empty, give a 403 response**/
if(empty($link) || empty($photonum) || count($invites)==0 || count($photoids)!=$photonum){
	header(error_xml_element_missing);
	exit;
}

/**if the sender is empty , give a 400 response**/
if(empty($sender_name)){
	header(error_url_param_missing);
	exit;
}

/**if the sender doesn't exist in database , give a 400 response**/
$db = new wbDatabase();
$sql = "select * from ".__table_app_user__." where username='".$sender_name."'";
$set = $db->query($sql);

if($db->countResult($set)==0){
	header(error_url_param_missing);
	exit;
}

$db->freeResult($set);

/** wsse authorize **/
/***if the wsse is wrong , give a 401 unauthorized response**/
$xwsse = $headers["X_WSSE"];
$type=0;
$doorkey = magicWsse($xwsse , $db , $type);

if(!$doorkey){
	header(error_autorized_header);
	exit;
}


/***collect the information**/
$reqInfo = array(
				"sender" => $sender_name,
				"link" => $link,
				"description" => $description,
				"photonum" => $photonum,
				"photoids" => $photoids,
				"invites" => $invites
);

//var_dump($reqInfo);
/** generate one card info **/
$sql = "insert into ".__table_card_info__." set
			sender = '".$reqInfo["sender"]."',
			link = '".$reqInfo["link"]."',
			description = '".$reqInfo["description"]."',
			photoNumber = '".$reqInfo["photonum"]."',
			photoIds = '".implode(',' , $reqInfo["photoids"])."'";
$err = $db->query($sql);
if(!$err){
	header(error_server_system);
	exit;
}
$tmp = $db->fetchResultBySql("select last_insert_id()");
$cardInfoId = $tmp[0];

$cardList = array();
foreach($reqInfo["invites"] as $rec){
	$sql = "insert into ".__table_card_list__." set
				cardInfoId = '".$cardInfoId."',
				sender = '".$reqInfo["sender"]."',
				receiver = '".$rec."',
				sendDate = now()";
	$err = $db->query($sql);
	if(!$err){
		header(error_server_system);
		exit;
	}
	$tmp = $db->fetchResultBySql("select last_insert_id()");
	$cid = $tmp[0];
	$cardList[] = array($rec , $cid);
}
$db->disconnect();

/***put the response to the client**/
$tid = getTid();
$resBody = "<?xml version=\"1.0\" encoding=\"utf-8\" ?>";
$resBody .= "<entry>";
$resBody .= "<tid>".$tid."</tid>";
foreach($cardList as $reply){
	$resBody .= "<invite>";
	$resBody .= "<to>".$reply[0]."</to>";
	$resBody .="<id>".$reply[1]."</id>";
	$resBody .= "</invite>";
}
$resBody .= "</entry>";

header(success_response);
header('Content-Type: text/xml');
header('Content-Length: '.strlen($resBody));
echo $resBody;

?>